Geeks to Go forums
HELP! Got something nasty I think!


#1
smawpaws
Member, 38 posts

Logfile of HijackThis v1.99.1
Scan saved at 2:08:37 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
C:\Program Files\Calenz\Calenz.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlparena....php?name=Forums
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\iruivusm.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\glejiegy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\juvhrcav.dll",setvm
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: dnsmfc - C:\WINDOWS\Cursors\dnsmfc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#2
MFDnSC
Banned, 1,137 posts

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.sub.../Fixwareout.exe
or
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch.
Fix these with HJT – mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14

O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14



If you have connection problems after this

* Go to Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
· Double-click the Network Connections icon
· Right-click the Local Area Connection icon and select Properties.
· Highlight Internet Protocol (TCP/IP) and click the Properties button.
· Be sure Obtain DNS server address automatically is selected.
· OK your way out.

* Go to Start > Run and type in cmd
· Click OK.
· This will open a command prompt.
· Type or copy and paste the following line in the command window:

ipconfig /flushdns
· Hit Enter
· Exit the command window

Do that before you restart.

=============
At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================
If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/

Scroll down to get XP Fix

And run FixWareout again.
========================

Download Superantispyware

http://www.superanti...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log
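The two O17 lines MFDnSC singles out are the centre of this thread: they are per-adapter NameServer overrides that point the machine at resolvers its owner never configured, which is why removing them without first switching the adapter back to "Obtain DNS server address automatically" drops the connection. As an added example that is not part of the thread, of HijackThis or of FixWareout, the Python below turns that reasoning into detection logic and runs it over constructed sample lines modelled on the first log above. It also applies the same "does this entry look like something the owner installed?" question to the O20, O2 and O4 line types quoted in that log. The private-address allow-list, the `trusted` parameter and the `{ASSUMED-GUID}` adapter key are assumptions made for this example.

```python
"""Triage of HijackThis-style log lines (added example; not from the thread,
HijackThis or FixWareout). A NameServer on an O17 line that is neither a
private/loopback address nor one the owner explicitly trusts is reported as
a probable DNS hijack. The O20, O2 and O4 checks apply the same idea to the
other entry types quoted in the first log. The allow-list policy, the
`trusted` parameter and the {ASSUMED-GUID} adapter key are assumptions."""
import ipaddress
import re

# Constructed sample, modelled on lines quoted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0676CC61-CDC5-447e-AAFC-9D886EC820EB} - C:\WINDOWS\system32\iruivusm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\juvhrcav.dll",setvm
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ASSUMED-GUID}: NameServer = 192.168.1.1
O20 - Winlogon Notify: dnsmfc - C:\WINDOWS\Cursors\dnsmfc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def nameservers(log_text):
    """Every resolver listed on O17 lines, in log order, duplicates removed."""
    seen = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        for server in m.group("servers").split(","):
            server = server.strip()
            if server and server not in seen:
                seen.append(server)
    return seen


def rogue_nameservers(log_text, trusted=()):
    """Resolvers that are neither RFC1918/loopback (a home router or a local
    forwarder, assumed policy) nor in the caller's explicit trusted list."""
    rogue = []
    for server in nameservers(log_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            rogue.append(server)  # not even an IP literal: report it
            continue
        if server in trusted or addr.is_private or addr.is_loopback:
            continue
        rogue.append(server)
    return rogue


def suspicious_winlogon_notify(log_text):
    """O20 DLLs are loaded by winlogon at logon; flag ones that are missing
    on disk or that live outside the system32 directory."""
    hits = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if "(file missing)" in path or "\\system32\\" not in path.lower():
            hits.append(m.group("name"))
    return hits


def unnamed_bhos(log_text):
    """Browser Helper Objects registered without a display name."""
    hits = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group("name") == "(no name)":
            hits.append(m.group("path"))
    return hits


def rundll32_run_entries(log_text):
    """Run-key entries that start a DLL through rundll32.exe."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and "rundll32" in m.group("cmd").lower():
            hits.append(m.group("name"))
    return hits


def triage(log_text, trusted=()):
    """Collect all findings for one log in a single dict."""
    return {
        "rogue_nameservers": rogue_nameservers(log_text, trusted),
        "winlogon_notify": suspicious_winlogon_notify(log_text),
        "unnamed_bhos": unnamed_bhos(log_text),
        "rundll32_run": rundll32_run_entries(log_text),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

Pointed at a saved hijackthis.log instead of the constructed sample, the same functions report the two 85.255.x.x resolvers as rogue while leaving a router address alone, and the O20/O2 heuristics pick out exactly the entries the later SUPERAntiSpyware log attributes to adware (the unnamed BHO CLSID and the rpcc Winlogon Notify key). The checks are a reading aid for a log, not a cleaner: the actual fix is still the HijackThis fix-checked step plus resetting the adapter to automatic DNS, in the order MFDnSC gives.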

#3
smawpaws (Topic Starter)
Member, 38 posts

Note: I could not get rid of the two 17's in HijackThis. I lose my internet connection every time, after following instructions exactly.

SUPERAntiSpyware Scan Log
Generated 01/01/2007 at 05:23 PM

Application Version : 3.4.1000

Core Rules Database Version : 3157
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 01:47:42

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 7213
Registry threats detected : 137
File items scanned : 101781
File threats detected : 144

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Skyler\Cookies\[email protected][1].txt

Adware.MyWebSearch
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable

Parasite.CoolWebSearch Variant
HKCR\CLSID\{2CE95F6D-9E41-C988-B2AC-14875897D9A9}
HKCR\CLSID\{2CE95F6D-9E41-C988-B2AC-14875897D9A9}\Data

Adware.FavoritePrez
HKCR\CLSID\{871A54C1-1EB3-48BD-A879-5DBA4EF16BE6}
HKCR\CLSID\{871A54C1-1EB3-48BD-A879-5DBA4EF16BE6}\InprocServer32
HKCR\CLSID\{871A54C1-1EB3-48BD-A879-5DBA4EF16BE6}\InprocServer32#ThreadingModel
C:\DOCUMENTS AND SETTINGS\GREENHELLBILLY\LOCAL SETTINGS\TEMP\NKQGCARS.DLL
C:\DOCUMENTS AND SETTINGS\SKYLER\LOCAL SETTINGS\TEMP\LIXDWAGH.DLL
C:\DOCUMENTS AND SETTINGS\SKYLER\LOCAL SETTINGS\TEMP\TPBMHIET.DLL
C:\WINDOWS\SYSTEM32\CHQBGEXV.DLL
C:\WINDOWS\SYSTEM32\GLEJIEGY.DLL
C:\WINDOWS\SYSTEM32\XEDPRLWE.DLL

Unclassified.Unknown Origin
HKCR\CLSID\{0676CC61-CDC5-447E-AAFC-9D886EC820EB}
HKCR\CLSID\{0676CC61-CDC5-447E-AAFC-9D886EC820EB}\InprocServer32
HKCR\CLSID\{0676CC61-CDC5-447E-AAFC-9D886EC820EB}\InprocServer32#ThreadingModel
HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}
HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32
HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32#ThreadingModel

Adware.WebHancer
C:\Program Files\em\dohancer\webinstaller.exe
C:\Program Files\em\dohancer\whCC-GIANT3.exe
C:\Program Files\em\dohancer
C:\WINDOWS\HANCERDOEM.EXE

Adware.QuickLinks
HKLM\Software\jijyL
HKLM\Software\jijyL#t2j3rji
HKLM\Software\jijyL#aRIdm3
HKLM\Software\jijyL#sW4b

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Windows Overlay Components/SysMon
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Type
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Start
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.MediaMotor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\safe.tlb [  ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/safe.tlb#{5526B4C6-63D6-41A1-9783-0FABF529859A}
C:\WINDOWS\System32\safe.tlb
C:\WINDOWS\mm06y.ini

Adware.Mirar/NetNucleus
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]

Trojan.Malware
C:\asdf.txt

Trojan.PestTrap
HKU\S-1-5-21-854245398-1078081533-725345543-1003\Software\SNO2

Adware.Elite Media
C:\WINDOWS\em06y.ini

Adware.Toolbar888
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#UninstallString
C:\PROGRAM FILES\COMMON FILES\{384A2A46-0703-1033-1217-020409200001}\888.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1023\A0366389.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1024\A0366447.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366505.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1026\A0366584.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1027\A0366645.DLL

Adware.IST/YourSiteBar
C:\WINDOWS\Downloaded Program Files\ysbactivex.inf

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#win32089414812554
HKLM\Software\System\sysold#win32089414812554.exe

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
HKLM\Software\Cowabanga
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga#UninstallString
C:\Program Files\Cowabanga\License.txt
C:\Program Files\Cowabanga\uninstaller.exe
C:\Program Files\Cowabanga
C:\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1023\A0366385.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1024\A0366443.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366501.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1026\A0366580.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1027\A0366641.EXE

Adware.MyWay
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\Cache\0470A3FB.bmp
C:\Program Files\MyWay\myBar\Cache\0470FAA6.bmp
C:\Program Files\MyWay\myBar\Cache\04712B4B.bmp
C:\Program Files\MyWay\myBar\Cache\files.ini
C:\Program Files\MyWay\myBar\Cache
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay

Adware.BitLocker
HKCR\ONONE.Theimp
HKCR\ONONE.Theimp\CLSID
HKCR\ONONE.Theimp\CurVer
HKCR\ONONE.Theimp.1
HKCR\ONONE.Theimp.1\CLSID

Adware.IPWins
HKU\S-1-5-21-854245398-1078081533-725345543-1003\Software\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString
C:\Program Files\ipwins

Adware.Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

Trojan.StoneDrv
C:\WINDOWS\system32\inistone.ini

Trojan.ASPI113210
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000#DeviceDesc

Adware.eZula/BannerRotator
HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}
HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid
HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid32
HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib
HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib#Version
HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}
HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid
HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid32
HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib
HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib#Version

Adware.AdRotate/System
HKCR\Crypt.Core
HKCR\Crypt.Core\CLSID
HKCR\Crypt.Core\CurVer
HKCR\Crypt.Core.1
HKCR\Crypt.Core.1\CLSID
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\InprocServer32#ThreadingModel
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\ProgID
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\Programmable
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\TypeLib
HKCR\CLSID\{2CAB0356-88E3-4902-A85D-379689C625E1}\VersionIndependentProgID
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0\win32
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\FLAGS
HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\HELPDIR

Trojan.Downloader-RPCC
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#DllName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Asynchronous
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rpcc#Startup

Trojan.Drop/Gen Variant
C:\!KILLBOX\AB602395.EXE
C:\!KILLBOX\AB602395.EXE( 16)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP991\A0352918.EXE

Worm.Rbot Variant
C:\!KILLBOX\EIM03.EXE
C:\!KILLBOX\EIM03.EXE( 7)

Trojan.TaskDir
C:\!KILLBOX\TASKDIR~.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1019\A0365157.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1020\A0365204.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1021\A0365249.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1023\A0366406.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1024\A0366464.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366522.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366564.DLL

Adware.ClickSpring
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\CROSOF~1.NET\REGSVR32.EXE
C:\Documents and Settings\Owner\My Documents\PPPATC~1\HKNTFS~1.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1021\A0365318.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1023\A0366394.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1024\A0366452.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366510.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1026\A0366589.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1027\A0366650.EXE

Trojan.Downloader-Z/Gen
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\WDCSADSAD
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366563.EXE
C:\WINDOWS\SYSTEM32\Z266.EXE
C:\WINDOWS\SYSTEM32\Z289.EXE

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\KQIQ\KQIQD\CLASS-BARREL

Adware.Accoona
C:\PROGRAM FILES\FILESUBMIT\HORSECUR.ZIP\ATOOLBAR400134.EXE
C:\PROGRAM FILES\FILESUBMIT\PRETTY SPARKLES\ATOOLBAR400134.EXE

Trojan.Services/Inet
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1018\A0362962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1018\A0364150.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1019\A0365176.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1020\A0365223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1021\A0365268.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1023\A0366418.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1024\A0366476.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366534.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1026\A0366609.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1027\A0366670.EXE
C:\WINDOWS\INET20000\KILLER.EXE
C:\WINDOWS\INET20000\KILLER.EXE.BAK
C:\WINDOWS\INET20000\MM.PID

Malware.SpyMarshal
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1018\A0364133.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1019\A0365166.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1020\A0365213.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1021\A0365258.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1021\A0365286.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366561.EXE
C:\WINDOWS\TEMPF.TXT
C:\WINDOWS\UNIST1.HTM

Trojan.Downloader-Gen/Q
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1027\A0366735.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\AAA00000.SYS
C:\WINDOWS\UNINST2.HTM

Trojan.Downloader-ASPI
C:\WINDOWS\SYSTEM32\ASPI1635912.EXE

Adware.Search-Exe
C:\WINDOWS\SYSTEM32\SE.EXE

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\SSTQP.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFG32.SYS

Adware.Vundo Variant
C:\WINDOWS\TEMP\ASHEURISTIC\SSTQP_DLL.VIR

Logfile of HijackThis v1.99.1
Scan saved at 5:35:06 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
C:\Program Files\Calenz\Calenz.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlparena....php?name=Forums
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#4 MFDnSC (Banned)
The two O17s that are there now are legit and not the ones I asked you to fix.

It appears that McAfee is not active any more, as the log appears to be from normal mode and no AV is loaded.

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft....eweb.php/doc/2/
==============================

Fix this with HijackThis:

R3 - Default URLSearchHook is missing

How are things?

Turn off restore points, boot, turn them back on; here's how:

http://service1.syma...src=sec_doc_nam
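As an added example (not part of this thread, and not HijackThis's own code), the Python script below parses HijackThis-style lines like those in the log above and applies the checks MFDnSC makes by eye: O17 NameServer entries outside the resolvers you expect, entries tagged "(file missing)", the "R3 - Default URLSearchHook is missing" marker, and which scanner hits sit inside System Restore snapshots (the reason for the "turn off restore points, boot, turn them back on" step: files under System Volume Information are only purged when the snapshots are flushed). The sample lines are constructed from the thread plus one rogue O17 line that uses a documentation address (203.0.113.7) and an all-zero GUID so the DNS check has something to flag; the expected-resolver set is an assumption you would replace with your own ISP's servers.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the forum thread or of HijackThis itself.
Assumption: the analyst supplies the set of resolvers that are expected
on this machine; every sample line below is constructed for the demo.
"""
import re
from dataclasses import dataclass

# Constructed sample log: the two O17 lines the helper judged legitimate,
# the R3 marker he asked to fix, two "(file missing)" entries, and one
# constructed rogue O17 (documentation address, all-zero GUID) to flag.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\\..\\Run: [WinPatrol] C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\..\\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\\WinPcap\\rpcapd.exe (file missing)
"""

# Assumption: the ISP resolvers the helper called legitimate in this thread.
EXPECTED_DNS = {"205.171.3.65", "205.171.2.65"}

# Constructed scanner hits mirroring the report above: one inside a System
# Restore snapshot, two live files.
SAMPLE_HITS = [
    r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{7210B513-499C-4448-A137-70DDFBA845DE}\RP1025\A0366561.EXE",
    r"C:\WINDOWS\SYSTEM32\SSTQP.DLL",
    r"C:\WINDOWS\TEMP\ASHEURISTIC\SSTQP_DLL.VIR",
]


@dataclass
class Entry:
    section: str  # "R0", "O4", "O17", ...
    body: str     # everything after "Oxx - "


LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+|F\d) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_RESTORE\{[0-9A-F-]+\}\\RP\d+\\", re.IGNORECASE)


def parse_log(text):
    """Turn HijackThis report lines into Entry records; skips process lists."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def nameservers(entries):
    """All IPv4 resolvers listed in O17 (Tcpip NameServer) lines."""
    found = set()
    for e in entries:
        if e.section != "O17":
            continue
        m = NAMESERVER_RE.search(e.body)
        if m:
            found.update(s for s in m.group("servers").split(",") if s)
    return found


def unexpected_nameservers(entries, expected):
    """Resolvers not in the analyst-supplied allow-list (DNS hijack check)."""
    return sorted(nameservers(entries) - set(expected))


def missing_file_entries(entries):
    """Hooks and services whose target no longer exists; stale or half-removed."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def urlsearchhook_missing(entries):
    """True when the R3 'Default URLSearchHook is missing' marker is present."""
    return any(e.section == "R3" and "URLSearchHook is missing" in e.body
               for e in entries)


def split_restore_point_hits(paths):
    """Separate scanner hits inside System Restore snapshots from live files."""
    in_rp, live = [], []
    for p in paths:
        (in_rp if RESTORE_RE.search(p) else live).append(p)
    return in_rp, live


def triage(log_text, expected_dns, hits):
    """Run every check and return the findings as one dict."""
    entries = parse_log(log_text)
    in_rp, live = split_restore_point_hits(hits)
    return {
        "rogue_dns": unexpected_nameservers(entries, expected_dns),
        "file_missing": [f"{e.section} - {e.body}" for e in missing_file_entries(entries)],
        "urlsearchhook_missing": urlsearchhook_missing(entries),
        "restore_point_hits": in_rp,
        "live_hits": live,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, EXPECTED_DNS, SAMPLE_HITS).items():
        print(f"{key}: {value}")
```

The O17 check is deliberately an allow-list rather than a block-list: the resolvers a machine should use are few and known (the ISP's, or the router's), so anything else is worth a question, while a block-list of known bad resolvers goes stale quickly. The restore-point split explains the ordering of the helper's advice: cleaning the live copies first, then flushing System Restore so the snapshot copies cannot be restored later.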